author | Tom Needham <needham.thomas@gmail.com> | 2012-08-03 11:56:11 +0000 |
---|---|---|
committer | Tom Needham <needham.thomas@gmail.com> | 2012-08-03 11:56:11 +0000 |
commit | 6047a5fe515091d755e964c24de93fc29a5f9754 (patch) | |
tree | 68839648ca6b2f6977f2c4ffb9b6442f7efa0225 /lib/api.php | |
parent | a7906d813ad342f06d4834c10c1200002f7342d2 (diff) | |
API: Check if the consumer has permissions to access the requested method
Diffstat (limited to 'lib/api.php')
-rw-r--r-- | lib/api.php | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/lib/api.php b/lib/api.php
index 8fdfc63070b..90f36aefbcd 100644
--- a/lib/api.php
+++ b/lib/api.php
@@ -73,11 +73,17 @@ class OC_API {
 // Loop through registered actions
 foreach(self::$actions[$name] as $action){
 $app = $action['app'];
- if(is_callable($action['action'])){
- $responses[] = array('app' => $app, 'response' => call_user_func($action['action'], $parameters));
+ // Check the consumer has permission to call this method.
+ if(OC_OAuth_Server::isAuthorised('app_'.$app)){
+ if(is_callable($action['action'])){
+ $responses[] = array('app' => $app, 'response' => call_user_func($action['action'], $parameters));
+ } else {
+ $responses[] = array('app' => $app, 'response' => 501);
+ }
 } else {
- $responses[] = array('app' => $app, 'response' => 501);
+ $responses[] = array('app' => $app, 'response' => 401);
 }
+
 }
 // Merge the responses
 $response = self::mergeResponses($responses); |
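Review bot: The new check `OC_OAuth_Server::isAuthorised('app_'.$app)` authorises per app, not per method as the commit title says, so a consumer granted an app's scope can invoke every action that app registers under `$name`; if that is intended it deserves a comment above the check, e.g. `// Scope is per app: holding 'app_<appid>' permits every action the app registers.`. In the outer `else`, the refusal is recorded as the bare integer `401` and handed to `self::mergeResponses()` together with any successful responses; that function is outside the hunk, so it should be confirmed that a refusal is surfaced to the caller rather than folded into a merged result that reads as success. For a consumer that is identified but lacks the scope, `403` is the conventional code (`'response' => 403`), keeping `401` for requests that carry no valid credentials. The enclosing method starts and ends outside the hunk.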